On April 14, 2017, the foreign hacker organization “Shadow Brokers” released confidential files from the NSA's Equation Group. The release contains multiple Windows remote exploit tools that can affect 70% of the world's Windows servers. To keep your business on Alibaba Cloud secure, please note the vulnerability details below:

The tools exposed this time use the SMB and RDP services to compromise hosts remotely. Check whether ports 137, 139, 445, and 3389 are open. To test, telnet to port 445 of the destination address from a computer outside your network, for example: telnet [IP] 445
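The reachability check described above, scripted as an added example (not Alibaba Cloud or Microsoft tooling; the function names are this example's own). Run it from a machine outside your network against a server you operate. It checks TCP only, so it does not settle UDP 137.

```python
import socket
import sys

# Ports named in the advisory. 137 is listed there, but the NetBIOS name
# service mainly uses UDP, which a TCP connect (like telnet) cannot see.
ADVISORY_PORTS = (137, 139, 445, 3389)


def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: the service is reachable
    except socket.gaierror:
        raise                # bad host name: a usage error, not a port state
    except ConnectionRefusedError:
        return "closed"      # host answered with RST: nothing is listening
    except OSError:
        return "filtered"    # timeout or unreachable: dropped on the way
    finally:
        sock.close()


def exposed_ports(host, ports=ADVISORY_PORTS, timeout=3.0):
    """Map each port to its state and list the ports reachable from here."""
    states = {port: probe(host, port, timeout) for port in ports}
    reachable = sorted(p for p, s in states.items() if s == "open")
    return states, reachable


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_ports.py <address of your own server>")
    states, reachable = exposed_ports(sys.argv[1])
    for port, state in states.items():
        print(f"{port}/tcp: {state}")
    # Non-zero exit when any listed port still accepts connections.
    sys.exit(1 if reachable else 0)
```

A "filtered" result is what a dropping security group rule typically produces, while "closed" means the packet reached the host and no service was listening.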

3. Mitigation Measures

(1) Microsoft has issued an announcement and strongly recommends that you install the latest patches. Please refer to the link below for details: https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/

(2) The Alibaba Cloud console now also provides a one-click mitigation tool for this vulnerability. If your business does not use ports 137, 139, and 445, you can log on to the ECS Console - Security Group Management - Rule Configuration and use the tool to mitigate this risk.

We will continue to follow the progress of this event and keep you updated. You can get more details by following this link: https://www.alibabacloud.com/forum/read-888. Thank you for your support of Alibaba Cloud!